PSP Set To Privileged

  • Query id: ee305555-6b1d-4055-94cf-e22131143c34
  • Query name: PSP Set To Privileged
  • Platform: Pulumi
  • Severity: High
  • Category: Insecure Configurations
  • CWE: 269
  • URL: Github

Description

Do not allow pods to request execution as privileged: a PodSecurityPolicy should not set spec.privileged to true.

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
name: aws-eks
runtime: yaml
description: An EKS cluster
resources:
  example:
    type: kubernetes:policy/v1beta1:PodSecurityPolicy
    properties:
      metadata:
        name: example
      spec:
        privileged: true

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
name: aws-eks
runtime: yaml
description: An EKS cluster
resources:
  example:
    type: kubernetes:policy/v1beta1:PodSecurityPolicy
    properties:
      metadata:
        name: example
      spec:
        privileged: false
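
Added example (not part of the KICS query or its test files): a stand-alone Python check that applies the same rule to a Pulumi YAML program and returns the names of PodSecurityPolicy resources that set spec.privileged to true. The function names and the sample program are assumptions made for illustration, and the small parser handles only nested "key: value" mappings like the samples above; a real scanner would use a full YAML parser.

```python
def parse_block_mappings(text):
    """Parse nested 'key: value' block mappings (no lists, quoting or anchors)."""
    root = {}
    stack = [(-1, root)]  # (indent, mapping) for each mapping still open
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        key, _, value = raw.strip().partition(":")
        value = value.split(" #", 1)[0].strip()  # drop a trailing comment
        while stack[-1][0] >= indent:  # leave mappings at this indent or deeper
            stack.pop()
        parent = stack[-1][1]
        parent[key] = value or {}
        if not value:  # a key with no scalar opens a nested mapping
            stack.append((indent, parent[key]))
    return root

def dig(node, *keys):
    for key in keys:  # follow keys through nested dicts, None if one is missing
        if not isinstance(node, dict):
            return None
        node = node.get(key)
    return node

def privileged_psps(program_text):
    """Names of PodSecurityPolicy resources whose spec.privileged is true."""
    resources = dig(parse_block_mappings(program_text), "resources")
    return [
        name for name, res in (resources.items() if isinstance(resources, dict) else [])
        if str(dig(res, "type")).endswith(":PodSecurityPolicy")
        and str(dig(res, "properties", "spec", "privileged")).lower() == "true"
    ]

SAMPLE = """\
# constructed sample: one permissive and one restricted policy
resources:
  permissive:
    type: kubernetes:policy/v1beta1:PodSecurityPolicy
    properties:
      spec:
        privileged: true
  restricted:
    type: kubernetes:policy/v1beta1:PodSecurityPolicy
    properties:
      spec:
        privileged: false
"""
```

privileged_psps(SAMPLE) reports only the resource named permissive; a policy with privileged set to false produces no finding.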